Answered Powershell users groups

  • Friday, December 07, 2012 6:13 PM
     
     

    I'm trying to list all the group names that users are a member of and display the users' names as well.

    I've tried this command:

    (Get-QADUser.user).memberof | Get-QADGroup | select name

    but it lists only the name of the group that the user is a member of.  I would like to list the user's name as well, alongside their group name.

    I am trying to pull users from a particular OU using Get-QADUser and then use the -match operator to find any groups that match a certain word in the group, but I can't make it work.

    Any help on this would be greatly appreciated.

All Replies

  • Friday, December 07, 2012 6:29 PM
    Moderator
     
     Proposed

    Try it this way:


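    # Look up one user, then emit one object per group the user belongs to
    $user = get-qaduser 'username'
    $user.memberOf | foreach-object {
      new-object PSObject -property @{
        "name" = $user.name
        "memberOf" = (get-qadgroup $_).name  # resolve the group DN to its name
      }
    }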
    

    Bill

  • Friday, December 07, 2012 7:03 PM
     
     

    Wow...that looks good.  Thanks!   Now how can I get it to search for users in a specific OU? When I try using the get-qaduser -SearchRoot "DN of the OU" I get a "Get-QADUser : Unknown error (0x80041070)".

    And how can I filter for groups that have a particular word in them, like say "Admins"?  I try using the -match operator at the end of the "memberof" line but it's not working.

  • Friday, December 07, 2012 8:38 PM
    Moderator
     
     Answered
    Wow...that looks good.  Thanks!   Now how can I get it to search for users in a specific OU?
    ...

    And how can I filter for groups that have a particular word in them, like say "Admins"? I try using the -match operator at the end of the "memberof" line but it's not working.

    Answer to first question: Use the -searchroot parameter for get-qaduser.

    Answer to second question: One way to do this is to select only the group names you want using where-object. For example:


    $user = get-qaduser 'username' -searchroot 'OU=OUName,DC=fabrikam,DC=com'
    
    $memberOf = $user.memberOf | foreach-object {  # resolve each group DN to its name
        (get-qadgroup $_).Name } |
        where-object { $_ -like "*admins*" }  # keep only names containing "admins"
    
    $memberOf | foreach-object {
      new-object PSObject -property @{
        "name" = $user.name
        "memberOf" = $_
      }
    }
    

    Bill
  • Monday, December 10, 2012 1:41 PM
     

    Thanks for the quick reply but I'm getting this error:

    Get-QADGroup : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argument that is not null or empty and then try the command again.
    At line:4 char:18
    +     (get-qadgroup <<<<  $_).Name } |
        + CategoryInfo          : InvalidData: (:) [Get-QADGroup], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Powershell.Cmdlets.GetGroupCmdlet

  • Monday, December 10, 2012 3:34 PM
    Moderator
     
     

    What group is causing that error? Does it have a 'name' property?

    Bill

  • Monday, December 10, 2012 4:20 PM
     
     
    How can I tell which group is causing that error?   All the groups I'm searching through have a name property.
  • Monday, December 10, 2012 4:28 PM
    Moderator
     

    Hi,

    You can find it out by outputting the groups' DNs. For example:


    $user = get-qaduser 'username' -searchroot 'OU=OUName,DC=fabrikam,DC=com'
    
    # Output each group's DN next to its name so a failing group can be identified
    $user.memberOf | foreach-object {
      $group = get-qadgroup $_
      new-object PSObject -property @{
        "DN" = $group.DN
        "Name" = $group.Name
      }
    }
    

    Bill

  • Monday, December 10, 2012 4:56 PM
     
     

    It gives me the same error and it doesn't tell me which group.  When I run your script for just a single username it works flawlessly, but if I try to run it by searching for users in a particular OU it fails.   Like the first line, I changed it to this:

    $user= get-qaduser -SizeLimit 0 -searchroot 'OU=OUName,DC=fabrikam,DC=com'

    That's the only change I made to your script, so could that be the reason why it's giving me that null/empty error?

  • Monday, December 10, 2012 5:26 PM
    Moderator
     
     

    Hi,

    Hint: If you don't specify a single user, get-qaduser will return multiple users.

    Exercises:

    Question 1: Why does the script work for a single user, but not for multiple users?

    Question 2: How can we modify this script so that it will work for multiple users?

    Bill

  • Thursday, December 13, 2012 6:25 PM
     
     
    I tried several things and I can't get it to work with multiple users.  Any help would be appreciated.
  • Thursday, December 13, 2012 8:13 PM
    Moderator
     

    There are two main ways you can iterate a list of items (users, array elements, whatever) in PowerShell: The ForEach-Object cmdlet, and the foreach statement. You can see how to use both of them by typing the following commands at a PowerShell prompt:


    PS C:\> help foreach-object
    ...[outputs the help for the ForEach-Object cmdlet]...
    PS C:\> help about_Foreach
    ...[outputs the help for the foreach statement]...
    

    You can use the knowledge gained from these help topics to help you iterate the list of users the get-qaduser cmdlet is outputting.

    Bill
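
Added example, not part of any post in this thread: one way to report user-to-group pairs for several users is to process each user object on its own and skip empty memberOf values. The function name Get-UserGroupPair, its parameters and the sample users are hypothetical, and the sample data is constructed so the block runs without a directory.

```powershell
# Added example (not from the thread). Get-UserGroupPair, its parameters and
# the sample users are hypothetical; the sample data is constructed.
function Get-UserGroupPair {
    param(
        [Parameter(ValueFromPipeline = $true)] $User,
        [string] $GroupNameLike = '*',
        # Turns a group DN into a display name. The default just reads the
        # leading CN and suits only the constructed sample below.
        [scriptblock] $ResolveGroupName = {
            param($dn)
            ($dn -split ',')[0] -replace '^CN=', ''
        }
    )
    process {
        # One pass per user: $User is a single object here, never the array.
        foreach ($dn in @($User.memberOf)) {
            # @($null) still holds one $null element, so skip it explicitly;
            # an empty value is what Get-QADGroup rejects for 'Identity'.
            if ([string]::IsNullOrEmpty($dn)) { continue }
            $groupName = & $ResolveGroupName $dn
            if ($groupName -like $GroupNameLike) {
                New-Object PSObject -Property @{
                    Name     = $User.Name
                    MemberOf = $groupName
                }
            }
        }
    }
}

# Constructed sample users standing in for Get-QADUser output.
$groups = 'OU=Groups,DC=fabrikam,DC=com'
$users = @(
    (New-Object PSObject -Property @{ Name = 'Alice Example'
        memberOf = @("CN=Server Admins,$groups", "CN=Staff,$groups") }),
    (New-Object PSObject -Property @{ Name = 'Bob Example'; memberOf = $null }),
    (New-Object PSObject -Property @{ Name = 'Carol Example'
        memberOf = "CN=Domain Admins,$groups" })
)

$users | Get-UserGroupPair -GroupNameLike '*admins*' | Select-Object Name, MemberOf

# Against the directory, pipe the cmdlet output in and resolve with Get-QADGroup:
# Get-QADUser -SizeLimit 0 -SearchRoot 'OU=OUName,DC=fabrikam,DC=com' |
#   Get-UserGroupPair -GroupNameLike '*admins*' `
#     -ResolveGroupName { param($dn) (Get-QADGroup $dn).Name }
```

The memberOf attribute lists direct memberships only, so nested group membership and the primary group do not appear in this output.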